Publicación: Análisis y técnicas de prevención, detección y ataques de phishing
Cargando...
Fecha
2022-09
Autores
Editor/a
Director/a
Tutor/a
Coordinador/a
Prologuista
Revisor/a
Ilustrador/a
Derechos de acceso
info:eu-repo/semantics/openAccess
Título de la revista
ISSN de la revista
Título del volumen
Editor
Universidad Nacional de Educación a Distancia (España). Escuela Técnica Superior de Ingeniería Informática
Resumen
En la actualidad, es muy relevante la implementación de técnicas que sean capaces de evitar las consecuencias producidas por phishing, una de las mayores amenazas de la ingeniería social, o al menos minimizar lo más posible las vulnerabilidades derivadas de ataques a organizaciones, sobre todo en el ámbito de infraestructuras críticas o de altas prestaciones. En este sentido, tiene un gran interés asociado el realizar el análisis de malware mediante herramientas específicas para tal efecto. Primeramente, en este trabajo se describirán los tipos de phishing existentes en la actualidad, así como las técnicas de prevención y detección desarrolladas para intentar frenar este tipo de ataques contra la integridad de datos personales, empresariales o institucionales, haciendo hincapié en la utilización de machine learning. A continuación, se analizarán en profundidad algunas de las herramientas y algoritmos propuestos en la literatura científica para la detección de phishing y finalmente se harán pruebas con varios ataques de phishing estudiados previamente, a través de aplicaciones existentes para tal efecto y así, mostrar gráficamente su potencial y daños posibles a usuarios y organizaciones, de una manera rápida y sencilla, con alta probabilidad de éxito.
At present, the implementation of techniques that are capable of avoiding the consequences produced by phishing, one of the greatest threats of social engineering, or at least minimizing as much as possible the vulnerabilities derived from attacks on organizations, especially in the field of critical or high-performance infrastructures. In this sense, it is of great interest to perform malware analysis using specific tools for this purpose. Firstly, this paper will describe the types of phishing currently in existence, as well as the prevention and detection techniques developed to try to stop this type of attack against the integrity of personal, business or institutional data, emphasizing the use of machine learning. Next, some of the tools and algorithms proposed in the scientific literature for phishing detection will be analyzed in depth and finally tests will be carried out with several previously studied phishing attacks, through existing applications for this purpose and thus, graphically show their potential and possible damage to users and organizations, quickly and easily, with a high probability of success.
At present, the implementation of techniques that are capable of avoiding the consequences produced by phishing, one of the greatest threats of social engineering, or at least minimizing as much as possible the vulnerabilities derived from attacks on organizations, especially in the field of critical or high-performance infrastructures. In this sense, it is of great interest to perform malware analysis using specific tools for this purpose. Firstly, this paper will describe the types of phishing currently in existence, as well as the prevention and detection techniques developed to try to stop this type of attack against the integrity of personal, business or institutional data, emphasizing the use of machine learning. Next, some of the tools and algorithms proposed in the scientific literature for phishing detection will be analyzed in depth and finally tests will be carried out with several previously studied phishing attacks, through existing applications for this purpose and thus, graphically show their potential and possible damage to users and organizations, quickly and easily, with a high probability of success.
Descripción
Categorías UNESCO
Palabras clave
phishing, aprendizaje automático, algoritmo, malware, ingeniería social, ciberataques, machine learning, algorithm, social engineering, cyberattacks
Citación
Centro
Facultades y escuelas::E.T.S. de Ingeniería Informática
Departamento
No procede